add failedLogin hook to detect failed login attempts
karakayasemi authored and DeepDiver1975 committed Jul 4, 2017
1 parent 9ffca34 commit 813b571
Showing 3 changed files with 19 additions and 7 deletions.
14 changes: 10 additions & 4 deletions core/Controller/LoginController.php
Expand Up @@ -3,6 +3,7 @@
* @author Christoph Wurst <[email protected]>
* @author Joas Schilling <[email protected]>
* @author Lukas Reschke <[email protected]>
* @author Semih Serhat Karakaya <[email protected]>
* @author Thomas Müller <[email protected]>
*
* @copyright Copyright (c) 2017, ownCloud GmbH
Expand Down Expand Up @@ -182,11 +183,16 @@ public function showLoginForm($user, $redirect_url, $remember_login) {
public function tryLogin($user, $password, $redirect_url) {
$originalUser = $user;
// TODO: Add all the insane error handling
$emailUsers = $this->userManager->getByEmail($user);
if (count($emailUsers) === 1) {
$user = $emailUsers[0]->getUID();
$loginResult = $this->userSession->login($user, $password);
if ($loginResult !== true) {
$users = $this->userManager->getByEmail($user);
// we only allow login by email if unique
if (count($users) === 1) {
$user = $users[0]->getUID();
$loginResult = $this->userSession->login($user, $password);
}
}
if ($this->userSession->login($user, $password) !== true) {
if ($loginResult !== true) {
$this->session->set('loginMessages', [
['invalidpassword'], []
]);
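Review bot: The retry added at L31–L39 means one wrong password submitted with a registered email address now fires the new `failedLogin` hook twice — first from `login($user, …)` with the email string as `$uid`, then again with the resolved UID after `getByEmail` — so a brute-force counter keyed on the submitted identifier is double-counted and split across two keys. It also runs the password check twice only for identifiers that resolve to exactly one account, which, depending on the backend's hashing cost, lets an unauthenticated client tell registered from unregistered emails by response time. If trying the raw name first is intended (so a UID that happens to look like an email wins), listeners need to dedupe per request; at minimum add `// NOTE: a wrong password for a unique email emits failedLogin twice (email, then UID)` above the fallback. tryLogin's body continues past the end of the hunk.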
4 changes: 3 additions & 1 deletion lib/private/User/Session.php
Expand Up @@ -9,6 +9,7 @@
* @author Morris Jobke <[email protected]>
* @author Robin Appelman <[email protected]>
* @author Robin McCorkell <[email protected]>
* @author Semih Serhat Karakaya <[email protected]>
* @author Thomas Müller <[email protected]>
* @author Vincent Petry <[email protected]>
*
Expand Down Expand Up @@ -70,6 +71,7 @@
* - postCreateUser(\OC\User\User $user)
* - preLogin(string $user, string $password)
* - postLogin(\OC\User\User $user, string $password)
* - failedLogin(string $user)
* - preRememberedLogin(string $uid)
* - postRememberedLogin(\OC\User\User $user)
* - logout()
Expand Down Expand Up @@ -464,7 +466,7 @@ private function loginWithPassword($uid, $password) {
$this->manager->emit('\OC\User', 'preLogin', [$uid, $password]);
$user = $this->manager->checkPassword($uid, $password);
if ($user === false) {
// Password check failed
$this->manager->emit('\OC\User', 'failedLogin', [$uid]);
return false;
}

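Review bot: The `$uid` handed to the new `failedLogin` emission at L69 is the raw login name from the request, not a verified user, and given the controller's email fallback in this same commit it may be an email address or any arbitrary string; listeners that key lockout counters on it or write it to logs should treat it as attacker-controlled text (strip newlines, bound its length). The hook also fires only when `checkPassword` returns false, so rejections decided after a correct password — a disabled account, if this method checks one further down — and any other login paths are not reported, which the hook list at L60 should say. Suggest `* - failedLogin(string $user)  // raw login name as submitted, not a verified UID; only on password-check failure`. loginWithPassword continues outside the hunk.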
8 changes: 6 additions & 2 deletions tests/Core/Controller/LoginControllerTest.php
@@ -1,6 +1,7 @@
<?php
/**
* @author Lukas Reschke <[email protected]>
* @author Semih Serhat Karakaya <[email protected]>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
Expand Down Expand Up @@ -427,9 +428,12 @@ public function testToNotLeakLoginName() {
->method('getUID')
->will($this->returnValue('john'));

$this->userSession->expects($this->once())
$this->userSession->expects($this->exactly(2))
->method('login')
->with('john', 'just wrong')
->withConsecutive(
['[email protected]', 'just wrong'],
['john', 'just wrong']
)
->willReturn(false);

$this->userManager->expects($this->once())
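Review bot: The updated expectation at L89–L95 pins the new two-call login sequence, but nothing in this commit tests the behaviour it was written for: no test asserts that `failedLogin` is emitted when `checkPassword` fails, nor that it carries the submitted login name. A Session test with a `Manager` mock whose `checkPassword` returns false and whose `emit` is expected with `'\OC\User', 'failedLogin', ['foo']` — alongside the existing `preLogin` emission, so `withConsecutive` or `exactly(2)` rather than `once` — would cover the hunk in lib/private/User/Session.php. The `exactly(2)` here also implies a listener sees two events for the email-fallback path; that is worth stating in the test name or a comment so the duplication is visibly intentional rather than accidental.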
